I did the following to run the ever-popular combination of LetterRip
Pro and EIMS on a machine with two IP numbers running a standard OS X
install (10.3.8) so I don't know if it works on anything else (e.g.
10.4, or Server versions). It is based on a suggestion from Glenn
Anderson and built with stuff gathered from various sites on the
Internet.
Here's my solution with no warranty expressed or implied :)
You can control which IP and port LRP listens on, you cannot for
EIMS. So for these instructions 192.168.1.100 is intended for use by
EIMS and 192.168.1.200 is intended for use by LRP using SMTP to
accept incoming mail. Of course change these to the real IPs for your
network.
Basically the solution diverts incoming traffic intended for
192.168.1.200:25 to 192.168.1.200:26.
EIMS will still listen on port 25 of 192.168.1.200 but there will be
no conflict on startup because LRP will be using port 26. Nothing
will get to EIMS on port 25 of the 192.168.1.200 because the firewall
rule will divert traffic on port 25 to 26 as soon as it enters the
machine.
If you need EIMS to send mail to LRP you need to add a mail route
since EIMS still thinks it is both IP numbers and will report a mail
loop. In the mail routes tab you can specify that mail for
"list.domain.com" (or whatever your LRP host name is) routes through
"list.domain.com:26" or you can do the same thing using IP addresses.
Here are the instructions for setting up the firewall rule. This is
mostly from the article mentioned below which you may want to read as
a background piece. The forwarding rule is pieced together from man
page info and other sources. If the email is not clear you can view
the article in the link. In my instructions the firewall script
creates ONLY the forwarding rule. If you want to add more traditional
firewall rules into the mix they are detailed in the article.
These instructions do the following:
1) Setup ipfw modification using instructions in MacDev Center article to:
a) Forward incoming traffic on 192.168.1.200:25 to 192.168.1.200:26
b) Set this to automatically load on startup.
(Quoted from the
http://www.macdevcenter.com/pub/a/mac/2005/03/15/firewall.html
article)
--------BEGIN QUOTING---------------
Create a file to contain the firewall rules in /etc/rc.firewall
#!/bin/sh
IPFW='/sbin/ipfw -q'
$IPFW -f flush
$IPFW add 2000 fwd 192.168.1.200,26 tcp from any to 192.168.1.200 25 in
Create a Startup Script
We need to create a directory called /Library/StartupItems/Firewall
and include in it two files. The first is a generic startup script
called Firewall.
#!/bin/sh
##
# Firewall
##
. /etc/rc.common
StartService ()
{
if [ "${FIREWALL:=-NO-}" = "-YES-" ]
then
ConsoleMessage "Starting Firewall"
sh /etc/rc.firewall > /dev/null
fi
}
StopService ()
{
ConsoleMessage "Stopping Firewall"
/sbin/ipfw -f -q flush
}
RestartService ()
{
StopService
StartService
}
RunService "$1"
Additionally, we require a "StartupParameters.plist" file to tell the
system when to start our script.
{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("NetworkExtensions","Resolver");
OrderPreference = "Late";
Messages =
{
start = "Starting firewall";
stop = "Stopping firewall";
};
}
The real work is undertaken by the /etc/rc.firewall script where the
actual calls to ipfw are made. For a moment, let's just look at the
Firewall script. The service will only start if the environment
variable FIREWALL is set to YES. The advantage is that if FIREWALL is
undefined, it will default to NO. This allows us to try out new
firewall rules by running the /etc/rc.firewall script by hand.
But if we have to reboot our computer, our rules will not be
automatically loaded until we add the line FIREWALL=-YES- to the
/etc/hostconfig file.
This is a useful safety net when we are developing our own rules.
Once we run our own rules, the firewall tab under services will not
be usable until we run sudo ipfw flush to remove our rules.
Type "sudo ipfw list" to view the rules currently in use
--------END QUOTING---------------
There you go. Alter and adapt as needed.
Can you get LetterRIP and EIMS to operate on the same computer, if the
computer has multiple IP addresses assigned to it? For example,
xxx.xxx.xxx.1 is assigned to EIMS, and xxx.xxx.xxx.2 is assigned to
LetterRIP. Will both SMTP services function, or is it one SMTP engine per
server regardless of IPs? (Yes, I know I could just set letterRIP to
operate via POP, which is the way I'm currently headed, but I'm curious.)
Thanks
Tony
------------------------------------
Tony Moller - Network Admin
DRCS
6849 Old Dominion Drive - Suite 320
McLean, VA 22101
Tel: 703-749-3118 Fax: 703-749-0967
Cel: 703-347-3645 <[EMAIL PROTECTED]>
--
This message is from the Letterrip-Talk Mailing list.
To unsubscribe, send mail to: [EMAIL PROTECTED]
Archive: http://www.mail-archive.com/letterrip-talk%40lists.letterrip.com/
--
----------------------------------------------------------------------
Patrick Ridout
Technical Services Director | Phone: 215-898-6581 (ext. 104)
The Daily Pennsylvanian | Fax: 215-898-2050
4015 Walnut Street | E-Mail: [EMAIL PROTECTED]
Philadelphia, PA 19104-6198 | Web Site: http://dailypennsylvanian.com
--
This message is from the Letterrip-Talk Mailing list.
To unsubscribe, send mail to: [EMAIL PROTECTED]
Archive: http://www.mail-archive.com/letterrip-talk%40lists.letterrip.com/
